© arquera

Apple this week finally released a patch for a serious Java security flaw that's been around since December of last year.

"The flaw is fixed in Mac OS X 10.5.7 and Mac OS X 10.4.11, available from Apple's website or via OS X's built-in software update mechanism... The bug (designated CVE-2008-5353 in the Common Vulnerabilities and Exposures database) was first reported to Sun in August of last year, and was patched by Sun in December," writes ZDNet's Matthew Broersma. "It allows a remote attacker to take over a system, and was ranked as 'highly critical' by security vendor Secunia."

"Apple regularly comes under fire for its sluggish pace," writes Computerworld's Gregg Keizer. "Last month, a security researcher angered by the delays posted attack code that exploited one of the unfixed bugs. The vulnerability exploited by Landon Fuller, a San Francisco-based researcher, was one of the many that Sun fixed Dec. 3, 2008, but that Apple only got around to patching yesterday."

"While OS X is still arguably safer than Windows, safety and security are not necessarily the same thing," writes TheAppleBlog's Charles Jade. "A more aggressive attitude towards security by Apple now might help protect Mac users in the future..."

More here from The Register ... and more here from InformationWeek.